  1. #1
    SitePoint Enthusiast
    Join Date
    Mar 2003
    Location
    spain
    Posts
    25

    PHP4 native session API

    Did anyone notice this:

    Disable cookies in the browser,
    enable trans_sid (in php.ini) and test sessions.

    When you first open the script, a session is generated and created.
    If you call your script with ?sid=dfs8079s, PHP will create the dfs8079s session and track everything under this session name all the time!

    Isn't that strange? Before testing, I supposed PHP would invalidate session names that it didn't create before!
    Last edited by BillyJoe; Mar 30, 2003 at 16:02.

  2. #2
    No. Phil.Roberts's Avatar
    Join Date
    May 2001
    Location
    Nottingham, UK
    Posts
    1,142
    PHP creates the session at the start of the session. If the session ID has expired then it will create a new one. This surprises you?

  3. #3
    SitePoint Enthusiast
    Join Date
    Mar 2003
    Location
    spain
    Posts
    25
    Quote: Originally posted by Phil.Roberts
    PHP creates the session at the start of the session. If the session ID has expired then it will create a new one. This surprises you?

    You understand nothing.

    Disable cookies and, for example, open this forum.
    Now you can see the sid assigned to you.
    Try to change the sid number in the HTTP query, then put the mouse pointer over a link -> the SID isn't the one you sent in the query.
    SitePoint's session system invalidates session values that it didn't create itself before.

    No session handler should track sessions that are set by the user.

    Do you understand me now?

  4. #4
    No. Phil.Roberts's Avatar
    Join Date
    May 2001
    Location
    Nottingham, UK
    Posts
    1,142
    Well of course it isn't. The session you send in the URL has expired or doesn't exist, and PHP will set you a new one.

    Besides, vBulletin doesn't even use the native PHP session handler, it has its own custom system.
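
The check asked for in post #3 (do not keep tracking a session ID the server never issued), as an added example that is not code from this thread or from PHP itself. It assumes PHP 7 or later, where `session.use_strict_mode` is available; the function name `start_server_issued_session` and the `server_issued` / `issued_at` keys are hypothetical.

```php
<?php
// Added example: only continue sessions that this server created.
// Assumption: PHP 7+ with the default "files" session handler.
// start_server_issued_session(), 'server_issued' and 'issued_at' are
// hypothetical names chosen for this illustration.

function start_server_issued_session(): bool
{
    // These settings must be applied before session_start().
    ini_set('session.use_strict_mode', '1');  // IDs with no stored session are replaced
    ini_set('session.use_only_cookies', '1'); // never read the ID from the query string
    ini_set('session.use_trans_sid', '0');    // never rewrite links to carry the ID

    // Remember what the client presented so a discarded ID can be logged.
    $presented = $_COOKIE[session_name()] ?? null;

    session_start();

    // Marker check: the flag exists only in sessions this code populated
    // earlier. It also covers handlers that do not enforce strict mode.
    if (empty($_SESSION['server_issued'])) {
        session_regenerate_id(true);          // drop the current ID and its stored data
        $_SESSION['server_issued'] = true;
        $_SESSION['issued_at'] = time();
    }

    // True when the client sent an ID that was not kept.
    $discarded = ($presented !== null && $presented !== session_id());
    if ($discarded) {
        error_log('Session ID presented by client was not issued here; replaced.');
    }
    return $discarded;
}

start_server_issued_session();
```

Calling `session_regenerate_id(true)` again after login or any other privilege change keeps an ID that was valid before authentication from carrying over.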

  5. #5
    SitePoint Enthusiast
    Join Date
    Mar 2003
    Location
    spain
    Posts
    25

